[Full-Disclosure] Vulnerability Disclosure Technics

• Previous message: Kevin Davis: "[Full-Disclosure] Re: USB risks (continued)"
• Next in thread: Oliver_at_greyhat.de: "Re: [Full-Disclosure] Vulnerability Disclosure Technics"
• Reply: Oliver_at_greyhat.de: "Re: [Full-Disclosure] Vulnerability Disclosure Technics"
• Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Vulnerability Disclosure Technics"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Sat, 19 Jun 2004 21:41:35 -0700 (PDT)

Hi
A question is in my mind everywhen I see a
vulnerability disclosure. I want to know how a person
finds a security vulnerability in a software. Is there
a regular way?
Suppose that I am technical chair of a software group
and we have a software that security consideration
is important for us. How can I test our software to
ensure that no security vulnerabilities (like buffer
overflow vuln) exists in our software product. Or it
is question for me how for example eEye find many
vulnerabilities in software products. Is there a
regular and formal way? Is there some tools, technics,
method, ... for this purpose, for finding a
vulnerability in a software?

Thanks
John

                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Kevin Davis: "[Full-Disclosure] Re: USB risks (continued)"
• Next in thread: Oliver_at_greyhat.de: "Re: [Full-Disclosure] Vulnerability Disclosure Technics"
• Reply: Oliver_at_greyhat.de: "Re: [Full-Disclosure] Vulnerability Disclosure Technics"
• Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Vulnerability Disclosure Technics"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]